diff options
| author | Rene Mayrhofer <rene@mayrhofer.eu.org> | 2008-12-05 16:44:41 +0000 |
|---|---|---|
| committer | Rene Mayrhofer <rene@mayrhofer.eu.org> | 2008-12-05 16:44:41 +0000 |
| commit | 2db1ef4ac8928944958712923b9c89c263a337d2 (patch) | |
| tree | 700043d9d97b7e7ba344b448918728af0a8be8d1 /NEWS | |
| parent | 5dc75410286b0e3a16845b44dd696ba0f40df573 (diff) | |
| download | vyos-strongswan-2db1ef4ac8928944958712923b9c89c263a337d2.tar.gz vyos-strongswan-2db1ef4ac8928944958712923b9c89c263a337d2.zip | |
- Updated to new upstream.
Diffstat (limited to 'NEWS')
| -rw-r--r-- | NEWS | 39 |
1 files changed, 39 insertions, 0 deletions
@@ -1,3 +1,42 @@ +strongswan-4.2.9 +---------------- + +- Flexible configuration of logging subsystem allowing to log to multiple + syslog facilities or to files using fine-grained log levels for each target. + +- Load testing plugin to do stress testing of the IKEv2 daemon against self + or another host. Found and fixed issues during tests in the multi-threaded + use of the OpenSSL plugin. + +- Added profiling code to synchronization primitives to find bottlenecks if + running on multiple cores. Found and fixed an issue where parts of the + Diffie-Hellman calculation acquired an exclusive lock. This greatly improves + parallelization to multiple cores. + +- updown script invocation has been separated into a plugin of its own to + further slim down the daemon core. + +- Separated IKE_SA/CHILD_SA key derivation process into a closed system, + allowing future implementations to use a secured environment in e.g. kernel + memory or hardware. + +- The kernel interface of charon has been modularized. XFRM NETLINK (default) + and PFKEY (--enable-kernel-pfkey) interface plugins for the native IPsec + stack of the Linux 2.6 kernel as well as a PFKEY interface for the KLIPS + IPsec stack (--enable-kernel-klips) are provided. + +- Basic Mobile IPv6 support has been introduced, securing Binding Update + messages as well as tunneled traffic between Mobile Node and Home Agent. + The installpolicy=no option allows peaceful cooperation with a dominant + mip6d daemon and the new type=transport_proxy implements the special MIPv6 + IPsec transport proxy mode where the IKEv2 daemon uses the Care-of-Address + but the IPsec SA is set up for the Home Adress. + +- Implemented migration of Mobile IPv6 connections using the KMADDRESS + field contained in XFRM_MSG_MIGRATE messages sent by the mip6d daemon + via the Linux 2.6.28 (or appropriately patched) kernel. + + strongswan-4.2.8 ---------------- |